Image result for googleGoogle recently announced that they're launching a new Chrome extension that will check your passwords against a list of known compromised passwords. This is a fantastic recommendation (the concept), in light of the National Institute of Standards and Technology (NIST) making new password guidelines in 2017 that included making this check. So what's bad about this?

Simply put, now Google is going to take your passwords and constantly check them against a list - but can Google be trusted to do this securely? With reports of Google refusing to work with the U.S. Military but instead aiding China's military and concerns about privacy becoming more prominent in the news, a person should be extremely cautious allowing an online service to do this.

This shouldn't take away from the fact that it is actually a great practice to ensure your passwords are not already out there in the wild. There are commercially available software packages that will download these lists locally to your server and perform these checks within your system, ensuring the preservation of privacy. In addition, using a password manager to generate long, unique, and random passwords for your online activities is an excellent way to mitigate this risk. We've written about Picking Perfect Passwords in the past, so we won't touch on those tips in this article so what's the final thought?

We say, "Nice try, Google, but no, thanks."